ComboFix 12-07-14.01 - Roll 15/07/2012 19:21:29.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.3069.2307 [GMT 2:00]
Running from: d:\users\Roll\Desktop\ComboFix.exe
Command switches used :: d:\users\Roll\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"d:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP"
"d:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP"
"d:\windows\system32\XDva289.sys"
"d:\windows\system32\XDva312.sys"
"d:\windows\system32\XDva370.sys"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA289
-------\Legacy_XDVA312
-------\Legacy_XDVA370
-------\Service_XDva289
-------\Service_XDva312
-------\Service_XDva370
.
.
(((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 ))))))))))))))))))))))))))))))
.
.
2012-07-15 17:34 . 2012-07-15 17:34 -------- d-----w- d:\users\Default\AppData\Local\temp
2012-07-15 09:50 . 2012-07-15 17:37 -------- d-----w- d:\users\Roll\AppData\Local\temp
2012-07-15 08:14 . 2012-07-15 08:14 388096 ----a-r- d:\users\Roll\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-15 08:14 . 2012-07-15 08:14 -------- d-----w- d:\program files\Trend Micro
2012-07-15 02:13 . 2012-07-14 16:45 -------- d-----w- d:\windows\Microsoft Antimalware
2012-07-15 02:13 . 2012-07-14 16:45 -------- d-----w- d:\windows\Microsoft anti-malware
2012-07-14 17:36 . 2012-07-14 17:37 -------- d-----w- d:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-07-14 16:53 . 2012-07-14 17:45 -------- d-----w- d:\program files\GridinSoft Trojan Killer
2012-07-14 15:29 . 2012-07-14 15:29 -------- d-----w- d:\program files\Enigma Software Group
2012-07-14 15:29 . 2012-07-14 16:45 -------- d-----w- d:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-14 15:08 . 2012-07-14 16:46 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-07-11 18:31 . 2012-07-11 18:31 -------- d-----w- d:\users\Roll\AppData\Roaming\Intermedia Software
2012-07-11 18:30 . 2003-04-18 14:29 44544 ----a-w- d:\windows\system32\msxml4a.dll
2012-07-09 20:09 . 2012-07-09 20:09 -------- d-----w- d:\users\Roll\AppData\Roaming\NVIDIA
2012-07-09 11:49 . 2012-05-15 09:28 2561344 ----a-w- d:\windows\system32\nvsvcr.dll
2012-07-09 11:49 . 2012-05-15 09:28 645440 ----a-w- d:\windows\system32\nvvsvc.exe
2012-07-09 11:49 . 2012-05-15 09:28 62272 ----a-w- d:\windows\system32\nvshext.dll
2012-07-09 11:49 . 2012-05-15 09:28 108352 ----a-w- d:\windows\system32\nvmctray.dll
2012-07-09 11:49 . 2012-05-15 09:28 3931456 ----a-w- d:\windows\system32\nvcpl.dll
2012-07-09 11:49 . 2012-05-15 09:27 2759488 ----a-w- d:\windows\system32\nvsvc.dll
2012-07-09 11:49 . 2012-05-15 10:26 61248 ----a-w- d:\windows\system32\OpenCL.dll
2012-07-09 11:48 . 2012-07-09 11:48 -------- d-----w- d:\programdata\NVIDIA Corporation
2012-07-04 09:17 . 2012-07-04 09:17 -------- d-----w- d:\programdata\Steam
2012-07-04 09:17 . 2012-07-15 16:14 -------- d-----w- d:\programdata\PopCap Games
2012-07-01 08:56 . 2012-07-01 08:56 -------- d-----w- d:\users\Roll\AppData\Roaming\Carbon
2012-06-19 18:40 . 2012-06-19 18:40 -------- d-----w- d:\users\Roll\AppData\Local\THQ
2012-06-19 14:51 . 2012-06-19 14:51 -------- d-----w- d:\users\Roll\AppData\Local\Deployment
2012-06-17 08:34 . 2012-06-17 08:34 -------- d-----w- d:\users\Roll\AppData\Local\Macromedia
2012-06-16 12:00 . 2012-07-12 23:30 -------- d-----w- d:\program files\THQ
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 07:04 . 2012-04-12 08:24 426184 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-07-01 07:04 . 2011-06-24 12:37 70344 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 21:22 . 2012-06-11 21:22 1409 ----a-w- d:\windows\QTFont.for
2012-06-11 20:42 . 2010-10-05 05:14 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2012-06-09 12:47 . 2012-06-09 12:45 119296 ----a-w- d:\windows\system32\zlib.dll
2012-05-10 12:39 . 2010-08-08 12:37 477240 ----a-w- d:\windows\system32\drivers\sptd.sys
2012-04-29 15:50 . 2010-08-16 22:20 704136 ----a-w- d:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-27 08:20 . 2012-05-11 07:49 137928 ----a-w- d:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-11 07:49 83392 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2012-04-16 19:18 . 2012-05-11 07:49 36000 ----a-w- d:\windows\system32\drivers\avkmgr.sys
2012-06-14 22:20 . 2012-07-14 21:09 85472 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="d:\program files\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="d:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 8092192]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NextPVR Tray.lnk]
path=d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NextPVR Tray.lnk
backup=d:\windows\pss\NextPVR Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk]
path=d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
backup=d:\windows\pss\UltraMon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 08:07 843712 ----a-r- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-21 22:14 136176 ----atw- d:\users\Roll\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 18:03 186904 ----a-w- d:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-12-15 19:11 1115728 ----a-w- d:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-05-15 09:28 3931456 ----a-w- d:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2009-11-20 14:34 200704 ----a-w- d:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-04 15:26 1037608 ----a-w- d:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- d:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 15:57 718688 ----a-w- d:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R2 NPVR Recording Service;NPVR Recording Service;d:\program files\NPVR\NRecord.exe [x]
R3 EagleXNt;EagleXNt;d:\windows\system32\drivers\EagleXNt.sys [x]
R3 FlashUSB;FlashUSB;d:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 JMCR;JMCR;d:\windows\system32\DRIVERS\jmcr.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;d:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;d:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des [x]
R3 pspdisp;pspdisp;d:\windows\system32\DRIVERS\pspdisp.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;d:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;d:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;d:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 vfs101x;vfs101x;d:\windows\system32\drivers\vfs101x.sys [x]
R3 VGPU;VGPU;d:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;d:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;d:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;d:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Htsysm;Htsysm;d:\windows\system32\HtsysmNT.sys [x]
S2 TeamViewer7;TeamViewer 7;d:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UltraMonUtility;UltraMon Utility Driver;d:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [x]
S2 vfsFPService;Validity Fingerprint Service;d:\windows\system32\vfsFPService.exe [x]
S3 A310;AVerMedia A310 DVB-T;d:\windows\system32\DRIVERS\AVerA310USB.sys [x]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;d:\windows\system32\drivers\AVerA310Cap.sys [x]
S3 itecir;ITECIR Infrared Receiver;d:\windows\system32\DRIVERS\itecir.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;d:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3479384541-4169126738-2660178339-1001Core.job
- d:\users\Roll\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 22:14]
.
2012-07-15 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3479384541-4169126738-2660178339-1001UA.job
- d:\users\Roll\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride =
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 172.16.0.1
DPF: {21CEC2FC-24FA-4EEB-A043-3CC248060880} - hxxps://www.digimonmasters.com/inc/ActiveX/launcher/Digitalic%20Launcher.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
FF - ProfilePath - d:\users\Roll\AppData\Roaming\Mozilla\Firefox\Profiles\wp2fojbz.default\
FF - prefs.js: browser.startup.homepage - hxxp://impsvillage.com/forums/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3479384541-4169126738-2660178339-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*e*a*c*e*k*e*e*Èm/D\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3479384541-4169126738-2660178339-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*t*o*r*e*n*t*0I€N\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3479384541-4169126738-2660178339-1001\Software\SecuROM\License information*]
"datasecu"=hex:2a,e6,0e,f9,9e,71,94,f4,08,6a,5f,86,4e,fe,9a,2e,0a,48,af,0e,e9,
   7d,0f,7e,ae,20,3d,97,93,e4,74,05,fb,df,8e,1e,dc,2d,03,40,ab,7f,a4,0f,94,1d,\
"rkeysecu"=hex:da,a7,16,f9,ad,a6,ef,2c,1f,76,4f,de,d2,3f,8a,a3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\nvvsvc.exe
d:\program files\NVIDIA Corporation\Display\nvxdsync.exe
d:\windows\system32\nvvsvc.exe
d:\windows\system32\agrsmsvc.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\windows\system32\taskhost.exe
d:\program files\Avira\AntiVir Desktop\avshadow.exe
d:\windows\system32\conhost.exe
d:\windows\system32\conhost.exe
d:\program files\Windows Media Player\wmpnetwk.exe
d:\windows\system32\sppsvc.exe
d:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-07-15 19:43:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 17:43
ComboFix2.txt 2012-07-15 09:50
.
Pre-Run: 119,313,158,144 bytes free
Post-Run: 118,888,972,288 bytes free
.
- - End Of File - - 3A722D245E2AB831C62D7AE29C12C651